Medical Privacy Violations and Medical Malpractice

If we think about a typical medical malpractice claim, we are likely to imagine a situation in which a patient suffered a physical harm as a result of a healthcare professional’s negligence. Yet according to a recent article in NPR, medical negligence cases may also extend to medical privacy violations in which an entirely different type of injury occurs. Indeed, data breaches can cause serious harms to patients and may in fact amount to medical malpractice.

How do data breaches impact patients, and who is liable when there is a violation of the Health Insurance Portability and Accountability Act (HIPAA)?

Patient Injuries Caused By Data Breaches

In our current age of technology and social media, violations of patient privacy can have very real effects in a patient’s life. For instance, the NPR article discusses a situation in which a patient visited her doctor’s office and soon thereafter experienced a serious breach of her privacy rights. The patient logged onto Facebook to discover a message that pertained to private information in her medical files. The public post exclaimed, “PPL WORLD WIDE,” the patient “IS HPV POSITIVE!.” The social media post not only gave the patient’s full name alongside information about her human papillomavirus diagnosis, but it also “included her date of birth.” Human papilloma virus, the article explains, is “a sexually transmitted disease that can cause genital warts and cancer.”

How did this information become public? The person who posted the information on Facebook was a “patient care technician at the local hospital where [the patient] was treated,” and the two formerly had been friends. However, the patient care technician illegally accessed the patient’s file and exposed information from it—in violation of HIPAA—for the public to see. As NPR explains, HIPAA makes it “illegal for healthcare providers to share patients’ treatment information without their permission.”

After the privacy breach, the patient complained to a supervisor at the healthcare facility, but all she received was an apology letter. Should the federal government be responsible for taking enforcement actions when HIPAA is violated? Or should patients expect to be compensated for injuries caused by data breaches by filing medical malpractice lawsuits?

Filing a Medical Malpractice Claim for a Privacy Violation

Each year, the Office for Civil Rights (which is part of the U.S. Department of Health and Human Services and is currently responsible for enforcing HIPAA) receives more than 30,000 complaints about medical privacy violations. In large part, the agency has focused on large-scale data breaches that impact hundreds or even thousands of patients when, for instance, a healthcare facility is hacked. Yet as the article points out, there is often little actual harm in these cases—there is “much information exposed but little exploited.”

Cases like the individual patient’s tend to be those in which more serious harms occur.  According to the director of the Office for Civil Rights, these occurrences are exactly “the kinds of harm that HIPAA is intended to address.” In some states, patients have begun filing medical negligence claims to seek compensation for these injuries, and in some instances, juries have awarded millions of dollars in damages.

If you suffered an injury caused by a medical data breach, you may be eligible to file a medical malpractice lawsuit. You should discuss your situation with a dedicated Naperville medical malpractice attorney as soon as possible. Contact Woodruff Johnson & Evans Law Offices today to learn more about our services.